Red Hat Hit by Data Breach, Hackers Exploit GitLab Instance

An extortion gang by the name of Crimson Collective claimed to have stolen approximately 570GB of compressed data from internal development repositories belonging to Red Hat. Red Hat confirmed the breach impacted one of its GitLab instances.

The stolen data contains around 800 Customer Engagement Reports (CERs), which contain sensitive data about a customer’s platform and network. A CER is a consulting document made for clients that includes infrastructure data, configuration details, authentication tokens, and other data that could be exploited to attack customer networks. 

Red Hat confirmed that it was hit by a security breach impacting its consulting business, but it has not confirmed any of the threat actor’s claims about the stolen GitLab repositories and customer CERs. 

According to Bleeping Computer’s conversation with the hacker, the breach happened two weeks ago. The threat actors allegedly accessed full database URIs, authentication tokens, and private data in Red Hat CERs and code. They claim that the data was used to gain access to downstream customer infrastructure.

The hacking gang also published on Telegram a full directory listing of the allegedly extracted GitLab repositories, along with a list of CERs from between 2020 and 2025.

The directory list of CERs spans various sectors and names famous organizations such as AT&T, Fidelity, Kaiser, Bank of America, Mayo Clinic, T-Mobile, Costco, the Federal Aviation Administration, the US Navy’s Naval Surface Warfare Center, and the House of Representatives, among others.

The hackers claim they contacted Red Hat with an extortion demand, but received no reply other than a message asking them to submit a vulnerability report to Red Hat’s security team.

"We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements. Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities. Our ongoing investigation found that an unauthorized third party had accessed and copied some data from this instance," said Red Hat.

Red Hat Confirms Breach of GitLab Instance Linked to Consulting Team

 

Red Hat has acknowledged a cybersecurity incident involving one of its GitLab instances after a hacker group calling itself Crimson Collective claimed to have stolen a significant amount of company data. 

The enterprise software provider clarified that the breach did not affect its GitHub repositories, as initially reported, but rather a GitLab instance used internally by its Consulting division. 

According to the attackers, they obtained around 570 GB of compressed data from roughly 28,000 private repositories, which allegedly contained source code, credentials, configuration files, and customer engagement reports (CERs). 

The group also asserted that the stolen information gave them access to customer systems. Reports indicate that the hackers attempted to extort Red Hat, but the company did not comply. 

Sources told International Cyber Digest that Red Hat had minimal contact with the threat actors and refused to meet their demands. A separate analysis by SOCRadar suggested that data from as many as 800 Red Hat customers could have been exposed. 

The list of potentially affected entities reportedly includes large corporations such as IBM, Siemens, Verizon, and Bosch, as well as several U.S. government bodies, including the Department of Energy, NIST, and the NSA. 

In a blog post addressing the incident, Red Hat explained that the compromised GitLab system was used mainly for collaborative consulting work and contained materials such as sample code, project details, and internal communications. 

The company emphasised that the instance does not usually store personal or highly confidential information and that no evidence of sensitive data exposure has been found so far. 

“At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain,” Red Hat said in a statement shared with SecurityWeek. 

While Red Hat has not directly addressed claims that customer infrastructure was accessed, cybersecurity experts note that ransomware and extortion groups often exaggerate such assertions to increase pressure on victims. 

The company has confirmed that an internal investigation is ongoing to assess the full extent of the breach and strengthen its systems against future threats.